Your dependency has a lower status than your project violation

Martin Chalupa edited this page May 15, 2018 · 2 revisions

Explanation

When you publish a release build and a first-level dependency (one specified directly in your build file) has a lower status, such as candidate (e.g. 1.2.0-rc.2 or latest.candidate) or snapshot (e.g. 1.2.0-SNAPSHOT or latest.snapshot), your build will fail. The reason for this check is the protection of your consumers. As a library producer, you could easily introduce lower status dependencies into your consumers' dependency graphs. We consider a dependency with a lower status to also mean lower or not completely guaranteed quality. This verification explicitly highlights such dependencies so that you can make an appropriate decision about how to handle them instead of silently publishing.

How to resolve

The solution could be slightly different depending on your situation:

  • A concrete violating version such as 1.2.0-rc.2 can be replaced with the stable version 1.2.0.
  • latest.candidate can be replaced with latest.release.
  • An open range version such as 1.+ can currently also resolve to 1.5-SNAPSHOT; in that case you can switch to a preferred fixed version.
  • You might have the right version in your build file, but one of your dependencies depends on a lower status version, which wins conflict resolution. The best fix is for your downstream library not to depend on the lower status library.
  • Depending on a candidate can be a completely valid situation. Then you can exclude the given library from this verification.
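
The check and the cases above, sketched as an added example (not the verification's own code). It generalizes from a release build to any project status. Assumptions: status is inferred from the resolved version string, and the function names, module names and versions are hypothetical, constructed for illustration.

```python
import re

# Status order used on this page, lowest first.
STATUS_RANK = {"snapshot": 0, "candidate": 1, "release": 2}

def status_of(version):
    """Infer a status from a version string (assumption: a real check may
    read the status from module metadata instead of the version text)."""
    v = version.lower()
    if v.endswith("-snapshot") or v == "latest.snapshot":
        return "snapshot"
    if re.search(r"-rc\.?\d+$", v) or v == "latest.candidate":
        return "candidate"
    return "release"

def find_violations(project_status, direct_deps, ignored=()):
    """Return (module, declared, resolved, status) for each direct dependency
    whose resolved version has a lower status than the project.

    direct_deps maps "group:name" -> (declared_version, resolved_version);
    the resolved version is what a range or conflict resolution selected.
    """
    floor = STATUS_RANK[project_status]
    violations = []
    for module, (declared, resolved) in sorted(direct_deps.items()):
        if module in ignored:
            continue  # lower status dependency accepted on purpose
        status = status_of(resolved)
        if STATUS_RANK[status] < floor:
            violations.append((module, declared, resolved, status))
    return violations

# Constructed sample input: one entry per situation in the list above.
SAMPLE_DEPS = {
    "com.example:api": ("1.2.0-rc.2", "1.2.0-rc.2"),         # concrete candidate
    "com.example:core": ("latest.release", "2.4.1"),          # no violation
    "com.example:util": ("1.+", "1.5-SNAPSHOT"),              # open range hit a snapshot
    "com.example:json": ("3.0.0", "3.1.0-rc.1"),              # conflict resolution picked a candidate
    "com.example:beta": ("latest.candidate", "0.9.0-rc.3"),   # valid, ignored below
}

if __name__ == "__main__":
    for v in find_violations("release", SAMPLE_DEPS, ignored={"com.example:beta"}):
        print("lower status than project: %s declared=%s resolved=%s (%s)" % v)
```

Comparing the declared and resolved columns in the output separates a version you wrote yourself from one that a range or conflict resolution selected.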